Hi, I've recently encountered that OpenSSL is sending some unexpected errors when reading X.509 certificate requests, if the key is not specified, or the CSR is not signed.
Now, this seems to happen because it now will specify a length=0 in the ASN.1 structure since the OID is not set (since the key is not specified). And I think this behaviour was introduced in this commit: 2e430277578d3dd586cd005682a54a59d6158146

So, when using asn1parse to read such a CSR, the section that would contain the key has BAD OBJECT, and will throw an error such as 'invalid object encoding' from 'c2i_ASN1_OBJECT' when the certificate is read or loaded. It used to be the case that it would return an OID 0.0 with length=1, but, like I said, this is not the case anymore.

I'm using OpenSSL 1.0.2a. I reproduced this error while testing some code using pyOpenSSL, and here's how I reproduced it: http://pastebin.com/Ky1e8Gz0

The asn1parse dump of the CSR that causes the error looks like this: http://pastebin.com/2EvuaLsk

While, in OpenSSL 1.0.1f (the version where I tested this problem doesn't happen), it would look like this: http://pastebin.com/0vzu2zzx

Now, I'm not sure how to actually report this bug, since I'm not sure if it's a bug related to the way the CSRs are being interpreted, or a bug related to how the ASN.1 structure is being written. Any insights?

BR
--
Juan Antonio Osorio R.
e-mail: jaosor...@gmail.com
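
Added example, not part of the original message and not OpenSSL or pyOpenSSL code: a minimal DER OBJECT IDENTIFIER decoder showing why contents of length=0 cannot be decoded while the older length=1 placeholder reads as 0.0. The function names and the sample byte strings are constructed for illustration, and only short-form lengths are handled.

```python
class DerError(ValueError):
    """Raised when the bytes are not a valid DER OBJECT IDENTIFIER."""

def decode_oid(der: bytes) -> str:
    """Decode one DER OBJECT IDENTIFIER TLV (tag 0x06, short-form length)."""
    if len(der) < 2 or der[0] != 0x06:
        raise DerError("not an OBJECT IDENTIFIER")
    length = der[1]
    if length & 0x80:
        raise DerError("long-form length not handled in this sketch")
    body = der[2:2 + length]
    if len(body) != length:
        raise DerError("truncated contents")
    if length == 0:
        # X.690 requires at least one subidentifier, so there is no
        # valid OID with empty contents; a strict reader must reject it.
        raise DerError("invalid object encoding: zero-length OID")
    if body[-1] & 0x80:
        raise DerError("invalid object encoding: unterminated subidentifier")
    subids, value, start = [], 0, True
    for octet in body:
        if start and octet == 0x80:
            raise DerError("invalid object encoding: non-minimal subidentifier")
        value = (value << 7) | (octet & 0x7F)   # base-128, high bit = "more"
        start = False
        if not octet & 0x80:
            subids.append(value)
            value, start = 0, True
    first = subids[0]                           # first two arcs share one value
    arcs = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in arcs + subids[1:])

def classify(der: bytes) -> str:
    """Return the dotted OID, or a BAD OBJECT marker like a dump tool would."""
    try:
        return decode_oid(der)
    except DerError as exc:
        return f"BAD OBJECT ({exc})"

# Constructed sample encodings (not taken from the pastebin dumps)
OLD_PLACEHOLDER = bytes.fromhex("060100")   # length=1, decodes to 0.0
NEW_EMPTY = bytes.fromhex("0600")           # length=0, no valid decoding
RSA_ENCRYPTION = bytes.fromhex("06092a864886f70d010101")

if __name__ == "__main__":
    for name, der in [("old", OLD_PLACEHOLDER), ("new", NEW_EMPTY),
                      ("rsa", RSA_ENCRYPTION)]:
        print(name, der.hex(), "->", classify(der))
```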